New Waledac virus/trojan unrecognized by Avast!

http://edetools.blogspot.com/2009/07/aggiornamento-waledac-botnet-5-luglio.html

This new variant polymorphic virus/trojan is not detected by current Avast!
http://www.virscan.org/report/0f64ccb55ec4c3c25c0233d16fea76ef.html
http://www.virustotal.com/it/analisis/909a0a3faeee8bb1fb839bf6a7e7ccc72c42429201ea4bd50d2707cec208faba-1246701217

Send the sample to virus@avast.com, zipped and password-protected, with the password in the email body and "undetected malware" in the subject; a link to this topic and the scan results pages might help.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

There are at least 16 variants of this virus though.
The Avast team should read the link above and try to download at least 5-6 variants to find a good pattern…
1 upped file is not enough.

Ok, I’ve added some comments with links using the Chest upload feature…

Hi hexaae,

Chinese authorities refuse to cooperate.
According to security expert Gary Warner, this problem is partly caused by a Chinese domain registrar that does not want to cooperate with other parties to close down certain Waledac domain names. There is no reaction to either Chinese or UK requests to do so, so the botnet has been using certain domain names undisturbed for months now.

For these kinds of threats it is always a good idea to accompany avast with specific free anti-malware non-resident scanning programs like MBAM and SAS that certainly have the latest protection against Waledac,

polonus

Interesting… thank you.

Thanks for trying to improve detections.